Gervase Markham wrote:
>...
> The backend work is mostly in place for this sort of thing. What needs
> doing is for someone to come up with a complete design for the UI for
> the "Zone" system's preferences, so that you can define a number of
> named security Zones, and set preferences for access to any DOM
> property or function (including window.open()) for each zone.
Not at all. After spending the last couple of years fiddling with
various UI ideas for zone prefs, I've come to the same conclusions Ben
Bucksch has. It's not reasonable to expect users to understand and
configure zones, and maintain whitelists *or* blacklists, in order to do
something as relatively simple as banning cyclical popup windows.
If you don't like windows popping up without your permission, you don't
like windows popping up without your permission. You're not going to
like it any more or less on particular sites, even if it were possible
to you to cover the entire Web with a whitelist or blacklist (which of
course it isn't).
Certainly zones may be a useful extension later on, but they wouldn't be
limited just to scripts. I think their primary use would be for
whitelists for setting permissions on running local executables, and
access to local Java classes, and things like that. Anyway, zone UI
shouldn't block implementation of a basic UI for setting the default
JavaScript settings.
> Anyone feel like doing a UI design for this?
>...
With pleasure. This is a slightly updated version of the design I've
been working on since 1999:
+--------------------------------------------------------------------+
| Navigator Preferences :::::::::::::::::::::::::::::::::::::::::::::|
+--------------------------------------------------------------------+
| |
| +-----------------+-+ Scripts & Windows :::::::::::::::::::::::::: |
| | Languages | | |
| | Identity | | _[/] Enable Java_Script___________________ |
| | Connection | | | _Allow scripts to do the following: | |
| | Helper Apps | | | +------------------------------------+-+ | |
| | Start Pages | | | |[/] Open windows by themselves |A| | |
| | Appearance | | | |[ ] Resize existing windows |V| | |
| | Accessibility | | | +------------------------------------+-+ | |
| | Fonts | | +------------------------------------------+ |
| | Colors&Effects | | Open _Web page links in new windows: |
| | Multimedia | | (*) when specified by the page |
| |::Scripts&Windows| | ( ) only when I choose "Open in New Window"|
| | Privacy | | Open links from _other applications in: |
| | History&Cache | | (*) new windows ( ) existing windows |
| | System | | |
| +-----------------+-+ :::::::::::::::::::::::::::::::::::::::::::: |
| |
| [?] ( Cancel ) (( OK )) |
+--------------------------------------------------------------------+
The `Allow scripts to do the following' tree contains the following:
[/] Open windows by themselves
[ ] Move or resize existing windows
[ ] Flip over or under other windows
[/] Detect when I leave a page
[/] Change status bar text
[/] Load images or other objects
[/] Set cookies
[/] Read cookies
[/] Access my History
These are basically English translations of the potentially obnoxious
JavaScript calls. The exception is `Open windows by themselves', which
means doing a window.open() in response to something *other than* a
click on a link or other object.
window.open() in response to a click on a link or other object is
covered by `Open Web page links in new windows'. That section also
covers <a href="whatever" target="_new">bar</a> -- the exact mechanism
used to open new windows in response to a click is an implementation
detail, so there is no need to make such a distinction in the UI.
(That's why this category is `Scripts & Windows', and not just `Scripts'.)
Finally, The `Open links from other applications in' bit is for when you
click on a link in Mozilla mail/news, or in mIRC, or in your file
manager, or whatever. It's a separate feature
<http://bugzilla.mozilla.org/show_bug.cgi?id=75138>, but belongs on the
same panel so as to contrast obviously with `Open Web page links in'.
--
Matthew `mpt' Thomas, Mozilla UI Design component default assignee thing
<http://mozilla.org/>
